Here at Turnkey Consulting in Australia, we speak to many customers about their concerns with managing access risks in their SAP system.
Over the next 5 weeks, I will discuss the top 5 most commonly raised concerns that our customers have, and how GRC Access Control can address these. In summary, the issues are:
- Improper access to systems that may lead to loss from fraud or error
- Emergency access to systems, without the proper controls and auditability
- Reactive and fragmented approach to managing risk resulting in recurring audit issues
- Lack of visibility for management
- Excessive time and cost of audit
Improper access to systems that may lead to loss from fraud or error
We all know that most audits will uncover some Segregation of Duties (SoD) issues. If left unattended, excessive or conflicting access will most likely lead to loss due to fraud or error. An example of an error occurred when a user at our client, a global energy company, was authorised to run a poorly coded report, which ran for hours filling up critical tables which caused a system outage and prevented the payroll from running. An industrial relations dispute was narrowly avoided, as workers were not paid on time.
A recent example fraud occurred when a payroll officer at Australian whitegoods retailer Clive Peeters who had “full access” to their accounting systems stole $20m by altering EFT details and directing funds to her own bank account. This brought their share price down 95% and spelled the end of the company.
Both of the above scenarios could have been easily prevented by using Access Control to detect and prevent both SoD conflicts, and access to sensitive transactions. In our experience, clients have typically reduced their SoD violations by around 80% within first 3-6 months of implementing AC.